DEV Community

Cover image for # πŸš€ Azure Storage Series β€” Controlling Storage Access with Containers, File Shares & SAS Tokens
Ganiyat Olagoke Adebayo
Ganiyat Olagoke Adebayo

Posted on

# πŸš€ Azure Storage Series β€” Controlling Storage Access with Containers, File Shares & SAS Tokens

#aws #cloud #devops #ai

As organizations generate more files and application data, secure and efficient storage management becomes critical.
The Azure admin wants you to get more familiar with storage accounts, containers, and file shares. They anticipate needing to share an increasing number of files and need someone who is skilled using these services. They’ve given you a task of creating a storage container and a file share and uploading files to both locations. In this hands-on Azure lab, we explore how to:

  • Create a Blob Storage Container
  • Upload and manage files
  • Change Blob Access Tiers
  • Create a File Share
  • Secure access using a Shared Access Signature (SAS)
  • Revoke access by rotating access keys

This exercise is perfect for beginners building real-world Azure storage skills.

Prerequisites

Before starting, make sure you already have:

  • An active Azure subscription
  • A Storage Account created earlier
  • Access to the Azure Portal
  • A file saved on your computer to upload (an image or document)

Part 1: Create a Storage Container

  1. Log in to the Azure portal: https://portal.azure.com
  2. In the search bar, type Storage accounts
  3. Select your previously created storage account

  1. Under Data storage, select Containers
  2. Click + Add container
  3. Enter the name: storage-container
  4. Click Create

Your blob container is now ready.

Part 2: Upload a File to the Storage Container

  1. Open storage-container
  2. Click Upload
  3. Select a file from your computer
  4. Click Upload


Once uploaded, Azure automatically assigns it to the Hot access tier.

Part 3: Change the Blob Access Tier (Hot β†’ Cold)

  1. Select the uploaded file
  2. Click Change tier

  1. Choose Cold
  2. Click Save

This reduces storage cost for files that are accessed less frequently.

Part 4: Create a File Share

  1. Go back to your Storage Account

  1. Under Data storage, select File shares
  2. Click + File share
  3. Name it: file-share

  1. Open the Backup tab
  2. Uncheck Enable backup

  1. Click Review + create β†’ Create

Now, click Upload and upload the same file or any other file.

You now have both Blob Storage and File Share storage configured.

Part 5: Secure Access Using Shared Access Signature (SAS)

Instead of giving full access to your storage account, Azure allows you to grant temporary, limited access using a SAS token.
The next piece of the puzzle is figuring one way to control access to the files that have been uploaded. Azure has many ways to control files, including things like role-based access control. In this scenario, we shall use shared access tokens or keys.

Generate a SAS Token

  1. Open your Storage Account
  2. Select Storage browser

  1. Expand Blob containers

  1. Open storage-container

  1. Click the three dots (β‹―) next to your uploaded file
  2. Select Generate SAS

Configure the SAS

  • Signing method: Account key
  • Signing key: Key 1

  • Permissions: Read
  • Allowed protocol: HTTPS only
  • Leave Start & Expiry time as default (or customize)

Click Generate SAS token and URI


Copy the Blob SAS URL and open it in a new browser tab.


Your file should display immediately.

This means:
πŸ‘‰ Anyone with this link can access the file
πŸ‘‰ Only for the duration you specified

Part 6: Revoke Access by Rotating KeysπŸ”„

To disable the SAS link, we rotate the key that created it.

  1. Go to the Storage Account
  2. Open Security + networking

  1. Select Access keys

  1. Under Key 1, click Rotate key
  2. Confirm by clicking Yes


Now return to your SAS URL tab and refresh the page.

❌ You should now see an authentication failed error

This confirms the SAS access has been successfully revoked.

Key Takeaways

  • Azure Blob Storage is used for unstructured data like images and backups
  • File Shares are useful for shared file systems
  • Access tiers help optimize storage costs
  • SAS tokens allow temporary, secure access
  • Key rotation instantly revokes shared access

Conclusion

In this lab, you successfully:

  • Created a Blob container & File share
  • Uploaded files to both storage services
  • Changed a blob from Hot to Cold
  • Generated a secure SAS token
  • Revoked access using key rotation

These skills are essential for Azure administrators, cloud engineers, and DevOps professionals who manage real-world storage environments.

Top comments (0)